When Microsoft Security Essentials finds any infection it logs the path to executable file in the History tab, I think only if you choose to quarantine instead of deleting from the options presented but it may log it regardless

From this you should be able to identify the location where it is comming from